OpenBSD 5.5

=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/55.html,v retrieving revision 1.66 retrieving revision 1.67 diff -c -r1.66 -r1.67 *** www/55.html 2014/05/01 14:52:34 1.66 --- www/55.html 2014/05/02 18:58:56 1.67 *************** *** 1,1141 **** ! ! ! ! OpenBSD 5.5 ! ! ! ! ! ! ! ! ! ! ! !

! ! ! !

OpenBSD 5.5

! Released May 1, 2014
! Copyright 1997-2014, Theo de Raadt.
! ISBN 978-0-9881561-3-5 !
! 5.5 Song: "Wrap in Time" !

! !

Order a CDROM from our ordering system. !
See the information on the FTP page for ! a list of mirror machines. !
Go to the pub/OpenBSD/5.5/ directory on ! one of the mirror sites. !
Briefly read the rest of this document. !
Have a look at the 5.5 errata page for a list ! of bugs and workarounds. !
See a detailed log of changes between the ! 5.4 and 5.5 releases. !
!
5.5 base signify pubkey: RWRGy8gxk9N9314J0gh9U02lA7s8i6ITajJiNgxQOndvXvM5ZPX+nQ9h !
5.5 fw signify pubkey: RWTdVOhdk5qyNktv0iGV6OpaVfogGxTYc1bbkaUhFlExmclYvpJR/opO !
5.5 pkg signify pubkey: RWQQC1M9dhm/tja/ktitJs/QVI1kGTQr7W7jtUmdZ4uTp+4yZJ6RRHb5 !

!
! All applicable copyrights and credits can be found in the applicable ! file sources found in the files src.tar.gz, sys.tar.gz, ! xenocara.tar.gz, or in the files fetched via ports.tar.gz. The ! distribution files used to build packages from the ports.tar.gz file ! are not included on the CDROM because of lack of space. !

! ! !

What's New

! This is a partial list of new features and systems included in OpenBSD 5.5. ! For a comprehensive list, see the changelog leading ! to 5.5. !

! !

time_t is now 64 bits on all platforms. !
- From OpenBSD 5.5 onwards, OpenBSD is year 2038 ready and will run well beyond Tue Jan 19 03:14:07 2038 UTC. !
- The entire source tree (kernel, libraries, and userland programs) has been carefully and comprehensively audited to support 64-bit time_t. !
- Userland programs that were changed include ! arp(8), ! bgpd(8), ! calendar(8), ! cron(8), ! find(1), ! fsck_ffs(8), ! ifconfig(8), ! ksh(1), ! ld(1), ! ld.so(1), ! netstat(1), ! pfctl(8), ! ping(8), ! rtadvd(8), ! ssh(1), ! tar(1), ! tmux(1), ! top(1), ! and many others, including games! !
- Removed time_t from network, on-disk, and database formats. !
- Removed as many (time_t) casts as possible. !
- Format strings were converted to use %lld and (long long) casts. !
- Uses of timeval were converted to timespec where possible. !
- Parts of the system that could not use 64-bit time_t were converted to use unsigned 32-bit instead, so they are good till the year 2106. !
- Numerous ports throughout the ports tree received time_t fixes. !
!
! !
Releases and packages are now cryptographically signed with the ! signify(1) utility. !
- The installer will verify all sets before installing. !
- Installing without verification works, but is discouraged. !
- Users are advised to verify the installer (bsd.rd, install55.iso, etc.) ! ahead of time using the ! signify(1) tool if available. !
- pkg_add(1) now only trusts signed packages by default. !
!
! !
Installer improvements: !
- The installer now supports a scriptable ! auto-installation ! method that enables unattended installation and upgrades using a response file. !
- Disk images which can be written to a USB flash drive ! (miniroot55.fs [bsd.rd only] and install55.fs [bsd.rd + unsigned sets]) ! are now provided for amd64 and i386. !
- Rewritten ! installboot(8) ! utility aiming for a unified implementation across platforms (currently ! used by amd64 and i386 only). !
- The installer now parses nwids with embedded blanks correctly. !
!
! !
New/extended platforms: !
- OpenBSD/alpha: !
  - Multiprocessor support. !
  !
- OpenBSD/aviion: !
  - First self-hosting release for 88100-based AViiON systems. !
  !
- OpenBSD/armv7 replaces OpenBSD/beagle. !
!
! !
Improved hardware support, including: !
- New vmx(4) ! driver for VMware VMXNET3 Virtual Interface Controller devices. !
- New vmwpvs(4) ! driver for VMware Paravirtual SCSI. !
- New vioscsi(4) ! driver for VirtIO SCSI adapters. !
- New viornd(4) ! driver for VirtIO random number devices. !
- New ubcmtp(4) ! driver for Broadcom multi-touch trackpads found on newer Apple MacBook, ! MacBook Pro, and MacBook Air laptops. !
- New ugold(4) ! driver for TEMPer gold HID thermometers. !
- New ugl(4) ! driver for Genesys Logic based USB host-to-host adapters. !
- New qla(4) driver for Qlogic fibre channel HBAs. !
- radeondrm(4) ! has been overhauled, including: !
  - New port of the Radeon code in Linux 3.8.13.19. !
  - Support for Kernel Mode Setting (KMS) including support for ! additional output types such as DisplayPort. !
  - wsdisplay(4) ! now attaches to ! radeondrm(4) ! and provides a framebuffer console. !
  !
- inteldrm(4) ! has been updated to Linux 3.8.13.19 notably bringing Haswell stability fixes. !
- Support for Intel 8 Series Ethernet with i217/i218 PHYs, and ! i210/i211/i354 has been added to ! em(4). !
- Support for Intel Centrino Wireless-N 2200, 2230 and 105/135 has been added to ! iwn(4). !
- Support for Areca ARC-1880, ARC-1882, ARC-1883, ARC-1223, ARC-1214, ARC-1264, and ARC-1284 has been added to ! arc(4). !
- Support for Elantech v2 touchpads in pms(4) has been fixed. !
- Support for 802.11a (5Ghz) has been added to wpi(4). !
- Workarounds for firmware stability issues have been added to ! wpi(4), ! iwi(4), and ! iwn(4). !
- Support for RT3572 chips has been added to the ! ral(4) driver. !
- Support for RTL8106E chips has been added to the ! re(4) driver. !
- Support for RTS5229 card readers has been added to rtsx(4). !
- Support for Microsoft XBox 360 controllers has been added to the uhid(4) driver. !
- Support for CoreChip RD9700 USB Ethernet devices has been added to the udav(4) driver. !
- Further reliability improvements regarding suspend/resume and hibernation. !
- Enabled IPv6 transmit TCP/UDP checksum offload in ! jme(4). !
!
! !
Generic network stack improvements: !
- Added vxlan(4), ! a virtual extensible local area network tunnel interface. !
- pflow(4) ! now sends 64 bit time values for pflowproto 10. The changed templates / ! flows for pflowproto 10 are now parsable by existing receivers. !
- Continued improvement of the checksum offload framework to streamline ! the calculation of TCP, UDP, ICMP, and ICMPv6 checksums. !
- Enabled IPv6 routing domain support. !
!
! !
Routing daemons and other userland network improvements: !
- The popa3d POP3 server has been removed. !
- Added ntpctl(8), ! a program to control the Network Time Protocol daemon. !
- slowcgi(8) ! now works with a high number of concurrent connections. !
- The inetd-based identd has been replaced by a new libevent-based ! identd(8). !
- tcpdump(8) ! can now detect bad ICMP and ICMPv6 checksums when used with the -v flag. !
- Added rdomain support to IPv6 configuration tools ! ndp(8), ! rtsold(8), ! ping6(8), and ! traceroute6(8). !
- Added SNMPv2 client support to ! snmpctl(8) ! ("get", "walk", and "bulkwalk"). !
- relayd(8) ! now supports TLS Perfect Forward Secrecy (PFS) with ECDHE (Elliptic curve Diffie-Hellman) that is enabled by default. !
!
! !
pf(4) improvements: !
- New queueing system with new syntax. !
- The "received-on" parameter can now be used with the "any" keyword to ! match any existing interface except loopback ones. !
- The block policy in the default pf.conf(5) is now "block return". !
!
! !
dhcpd(8) and dhclient(8) improvements: !
- No longer create a route to the bound address via 127.0.0.1. !
- The options 'dhcp-lease-time', 'dhcp-rebinding-time', and 'dhcp-renewal-time' can now be configured in dhclient.conf(5). !
- 'next-server' (a.k.a. siaddr) info now saved in lease files. !
- Fall back to broadcasting when unicast renewal fails, as specified in ! RFC 2131 and friends. !
- Fix various problems in communications between privileged and non-privileged processes. !
- Fix many abuses of memcpy. !
- Stop pretending we still support FDDI or token ring hardware types. !
- Fix classless static routes option handling and add syntax to parse human-readable forms. !
- Fix 'effective' lease created by '-L' to have correct address, 'next_server', 'timestamp', and 'resolv_conf' fields. !
- Fix handling of non-printable characters in lease file strings. !
- Fix many edge cases in config file and lease parsing and ensure that error messages refer to the correct position in erroneous line. !
- dhclient.conf(5) can now override anything in an offer or saved lease when creating the effective lease. In particular, 'fixed-address', 'next-server', 'filename' and 'server-name'. !
- Fix parsing of dhclient.conf(5) statements 'fixed-address' and ! 'next-server'. !
- Log failures to fchmod() or fchown() files being written. !
- Create lease files with permissions 0640. !
- Fix possible failure to write resolv.conf(5) when -L is used. !
- 'send dhcp-client-identifier "";' in dhclient.conf(5) will result in no 'dhcp-client-identifier' (option 61) being sent. !
!
! !
iked(8) improvements: !
- Support for OCSP ("Online Certificate Status Protocol"); enable with "set ocsp URL". !
- Support for RSA public key authentication as an alternative to X.509 certificates or pre-shared keys. !
- Support for DPD ("Dead Peer Detection") similar to the implementation in ! isakmpd(8). !
- Support for dynamic IP address assignment from a pool in configuration mode; enabled with "config address net/pool-prefix". !
- Initial support for IPComp. !
- Various improvements and a thorough audit of the network input path. !
!
! !
OpenSMTPD 5.4.2 (includes changes to 5.4.1): !
- Introduce initial support for DSN extension: !
  - NOTIFY=SUCCESS, NOTIFY=FAILURE, NOTIFY=DELAY, NOTIFY=NEVER !
  - RET=HDRS, RET=FULL !
  !
- Introduce initial support for ENHANCEDSTATUSCODES extension: !
  - smtp process returns Enhanced Status Codes for most commands. !
  - other processes now have an API to return more precise codes ... !
  - ... which will be improved further with each version. !
  !
- Improved smtpctl(8): !
  - sendmail mode now supports DSN parameters !
  - Can now pause/resume a source address -> destination domain route. !
  - Can now display status of processes with smtpctl show status. !
  - show relays: displays list of currently active relays. !
  - show routes: displays status of routes currently known by smtpd. !
  - show hosts: displays list of known remote MX. !
  - show hoststats: display status of last delivery for active domains. !
  - resume route: resumes route temporarily disable by the MTA. !
  - pause/resume envelope: allows pausing individual envelopes. !
  - pause/resume message: allows pausing individual messages. !
  - encrypt: allows generating credentials suitable for authentication. !
  - show message/envelope is now compression/encryption aware. !
  !
- Introduced SNI support. !
- Improved configuration file: !
  - Removed last known ambiguity in grammar. !
  - Much simpler configuration for TLS-enabled hosts. !
  - Most parameters are now swappable in listen and accept rules. !
  - Conditions may be negated (ie: accept from ! <trusted> ...) !
  - Forward-only rules can be declared to impose ~/.forward files. !
  - New "recipient" keyword allows accept rule to provide a whitelist. !
  - Sender and recipient tables accept wildcard in their domains. !
  !
- TLS generic improvements: !
  - Support for TLS Perfect Forward Secrecy. !
  - Support for providing custom CA certificates. !
  !
- MTA improvements: !
  - mta may now require remote hosts to present valid certificates. !
  - Always attempt TLS before falling back to plaintext. !
  - Always present certificate if one is available. !
  - AUTH LOGIN now supported. !
  - MTA can now specify a EHLO-hostname when relaying. !
  !
- SMTP server improvements: !
  - IPv4-only and IPv6-only listeners are now possible. !
  - Listeners may now hide the From part in a Received-line. !
  - Listeners may require clients to provide a valid certificate. !
  - Banner hostname can now be dynamically fetched from a table. !
  !
- Queue improvements: !
  - Introduce an envelope cache in the queue to improve disk-IO pattern. !
  !
- Documentation: !
  - table(5) describes format for static, file and db backends. !
  - sendmail(8) describes our "sendmail" interface. !
  !
- Reduced memory usage in both general and stressed cases. !
- OpenSMTPD now automagically upgrades queue if the format changes! !
- Support Qmail-like "sticky home". !
- Support for authenticating users from a credentials table. !
- Introduce passwd(5) table backend for user and credentials lookup. !
- Expansion variables in ~/.forward now support modifiers. !
- Much more efficient scheduler! !
- Many documentation fixes and improvements. !
- And a lot of minor bug fixes and internal cleanup! !
!
! !
Security improvements: !
- Position-independent executables (PIE) are now used by default on i386. !
- The arc4random(3) ! functions now use the ChaCha20 cipher. !
- The kernel random number system is initially seeded by the bootloader, ! providing better random very early. !
- Kernel stack protector is also seeded via the same mechanism, providing ! protection earlier. !
- -Wbounded is now enabled in GCC by default. !
- Added explicit_bzero(3). !
!
! !
Performance improvements: !
- Relations between the buffer cache and swap daemon have been improved. !
!
! !
Threading improvements: !
- Interprocess semaphores via sem_open(3). !
- Running threaded processes under a debugger no longer causes panics. !
- SIGPROF and SIGVTALRM are now reliably delivered to the thread that was running when they were triggered. !
- Thread stacks now have a random bias. !
- fork(2) no longer changes the pthread_t of the forking thread in the child. !
- Signaling races eliminated from pthread_kill(3) and pthread_cancel(3). !
!
! !
Assorted improvements: !
- New in-memory file system, tmpfs. !
- Many fuse(4) improvements and stability fixes. !
- Added POSIX-required nl(1) utility. !
- OpenBSD/vax has switched to GCC 3. !
- Replaced getdirentries(2) with getdents(2), vastly improving the performance and memory usage of telldir(3). !
- amd64 and i386 now use the MWAIT instruction for their idle loop where available to reduce latency. !
- Added support for CLOCK_UPTIME. !
- Added tcgetsid(3). !
- clock_t is now a 64 bit type, so it no longer wraps around in only 248 days. !
- ino_t is now a 64 bit type, mostly to support large NFS filesystems. !
- Corrected handling of UTIME_OMIT. !
- pax(1) now sets the mode and timestamps correctly on symlinks, and makes hardlinks to symlinks when requested. !
- Corrected handling of shared library destructors when libc is statically linked. !
- Corrected various disk drivers to handle non-512-byte sectors and disk sizes greater than 32-bits. !
- Corrected growfs(8) to handle non-512-byte sectors and disk sizes greater than 32-bits. !
- All CIRCLEQ uses replaced with TAILQ. !
- Preserve and honour changes to the OpenBSD bounds in a disklabel. !
- fdisk(8) now always writes a good signature when the MBR is written to disk. !
- disklabel(8) now writes the disklabel to the correct location on non-512-byte sector devices. !
- Fix athn(4) tick calculations to eliminate excessive timeouts. !
- Allow disklabel(8) to set any partition, including 'C', to type UNUSED. !
- New sha512(1) tool to calculate and verify the SHA-512 checksums of files. !
- sha256(1) and related tools ! (cksum(1), ! md5(1), ! sha1(1), and ! sha512(1)) ! now support a new -h flag to place the checksum into a specified hash file instead of stdout. !
- sha256(1) and related tools now support a new -C flag that allows the verification of selected files in a checklist. !
- sha256(1) and related tools will now print MISSING if they encounter non-existent files in a checklist. !
- i386 and amd64 platforms can now boot from keydisk-based softraid(4) crypto volumes. !
- Allow softraid(4) to work with partitions larger than 2TB. !
- Removed experimental RAID 4 support from softraid(4). !
- Added experimental support for rebuilding RAID 5 softraid(4) volumes. Lots of testing is still required and there is missing functionality, such as the ability to resume a partially completed rebuild. bioctl(8) refuses to create RAID 5 volumes unless recompiled with -DRAID5. !
- The uhts(4) driver has been merged into ! ums(4). !
- Many new checks were added to portcheck(1) utility; now it catches almost every popular mistake that observed in ports in last years. !
!
! !
OpenSSH 6.6 (including changes to 6.5, a feature-focused release): !
- Security: !
  - sshd(8): ! when using environment passing with a ! sshd_config(5) ! AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6 could ! be tricked into accepting any enviornment variable that contains the ! characters before the wildcard character. !
  !
- New/changed features: !
  - ssh(1), ! sshd(8): ! Add support for key exchange using elliptic-curve Diffie Hellman ! in Daniel Bernstein's Curve25519. This key exchange method is ! the default when both the client and server support it. !
  - ssh(1), ! sshd(8): ! Add support for ED25519 as a public key type. ED25519 is ! a elliptic curve signature scheme that offers better security than ! ECDSA and DSA and good performance. It may be used for ! both user and host keys. !
  - Add a new private key format that uses a bcrypt KDF to better ! protect keys at rest. This format is used unconditionally for ! ED25519 keys, but may be requested when generating or saving ! existing keys of other types via the -o ! ssh-keygen(1) ! option. We intend to make the new format the default in the near ! future. Details of the new format are in the PROTOCOL.key ! file. !
  - ssh(1), ! sshd(8): ! Add a new transport cipher "chacha20-poly1305@openssh.com" that ! combines Daniel Bernstein's ChaCha20 stream cipher and ! Poly1305 MAC to build an authenticated encryption mode. Details ! are in the PROTOCOL.chacha20poly1305 file. !
  - ssh(1), ! sshd(8): ! Refuse RSA keys from old proprietary clients and servers that ! use the obsolete RSA+MD5 signature scheme. It will still be ! possible to connect with these clients/servers but only DSA keys ! will be accepted, and OpenSSH will refuse connection entirely in a ! future release. !
  - ssh(1), ! sshd(8): ! Refuse old proprietary clients and servers that use a weaker key ! exchange hash calculation. !
  - ssh(1): ! Increase the size of the Diffie-Hellman groups requested for ! each symmetric key size. New values from NIST Special Publication ! 800-57 with the upper limit specified by RFC 4419. !
  - ssh(1), ! ssh-agent(1): ! Support PKCS#11 tokens that only provide X.509 certs ! instead of raw public keys. (requested as bz#1908) !
  - ssh(1): ! Add a ! ssh_config(5) ! Match keyword that allows conditional configuration to be ! applied by matching on hostname, user and result of ! arbitrary commands. !
  - ssh(1): ! Add support for client-side hostname canonicalisation using a ! set of DNS suffixes and rules in ! ssh_config(5). ! This allows unqualified names to be canonicalised to fully-qualified ! domain names to eliminate ambiguity when looking up keys in ! known_hosts or checking host certificate names. !
  - sftp-server(8): ! Add the ability to whitelist and/or blacklist sftp protocol requests by ! name. !
  - sftp-server(8): ! Add a sftp "fsync@openssh.com" to support calling ! fsync(2) ! on an open file handle. !
  - sshd(8): ! Add a ! ssh_config(5) ! PermitTTY to disallow TTY allocation, mirroring the ! longstanding no-pty authorized_keys option. !
  - ssh(1): ! Add a ! ssh_config(5) ! ProxyUseFDPass option that supports the use of ! ProxyCommands that establish a connection and then pass a ! connected file descriptor back to ! ssh(1). ! This allows the ProxyCommand to exit rather than staying ! around to transfer data. !
  - ssh(1), ! sshd(8): ! this release removes the J-PAKE authentication code. This code ! was experimental, never enabled and had been unmaintained for some ! time. !
  - ssh(1): ! when processing Match blocks, skip 'exec' clauses ! other clauses predicates failed to match. !
  - ssh(1): ! if hostname canonicalisation is enabled and results in the destination ! hostname being changed, then re-parse ! ssh_config(5) ! files using the new destination hostname. This gives 'Host' ! and 'Match' directives that use the expanded hostname a chance ! to be applied. !
  !
- The following significant bugs have been fixed in this release: !
  - ssh(1), ! sshd(8): ! Fix potential stack exhaustion caused by nested certificates. !
  - ssh(1): ! make BindAddress work with UsePrivilegedPort. ! (bz#1211) !
  - sftp(1): ! fix the progress meter for resumed transfer. (bz#2137) !
  - ssh-add(1): ! do not request smartcard PIN when removing keys from ! ssh-agent(1). ! (bz#2187) !
  - sshd(8): ! fix re-exec fallback when original ! sshd(8) ! binary cannot be executed. (bz#2139) !
  - ssh-keygen(1): ! Make relative-specified certificate expiry times relative to current ! time and not the validity start time. !
  - sshd(8): ! fix AuthorizedKeysCommand inside a Match block. ! (bz#2161) !
  - sftp(1): ! symlinking a file would incorrectly canonicalise the target path. ! (bz#2129) !
  - ssh-agent(1): ! fix a use-after-free in the PKCS#11 agent helper executable. ! (bz#2175) !
  - sshd(8): ! Improve logging of sessions to include the user name, remote ! host and port, the session type (shell, command, ! etc.) and allocated TTY (if any). !
  - sshd(8): ! tell the client (via a debug message) when their preferred listen ! address has been overridden by the server's GatewayPorts ! setting. (bz#1297) !
  - sshd(8): ! include report port in bad protocol banner message. (bz#2162) !
  - sftp(1): ! fix memory leak in error path in do_readdir(). (bz#2163) !
  - sftp(1): ! don't leak file descriptor on error. (bz#2171) !
  - sshd(8): ! include the local address and port in "Connection ! from ..." message. (only shown at loglevel>=verbose) !
  - ssh(1): ! avoid spurious "getsockname failed: Bad file descriptor" in ! ssh -W. (bz#2200, debian#738692) !
  - sshd(8): ! allow the ! shutdown(2) ! syscall in seccomp-bpf and systrace sandbox modes, as it is reachable ! if the connection is terminated during the pre-auth phase. !
  - ssh(1), ! sshd(8): ! fix unsigned overflow that in SSH protocol 1 bignum parsing. ! Minimum key length checks render this bug unexploitable to compromise ! SSH 1 sessions. !
  - sshd_config(5) ! clarify behaviour of a keyword that appears in multiple matching ! Match blocks. (bz#2184) !
  - ssh(1): ! avoid unnecessary hostname lookups when canonicalisation is disabled. ! (bz#2205) !
  - sshd(8): ! avoid sandbox violation crashes in GSSAPI code by caching the supported ! list of GSSAPI mechanism OIDs before entering the sandbox. (bz#2107) !
  - ssh(1): ! fix possible crashes in SOCKS4 parsing caused by assumption that the ! SOCKS username is nul-terminated. !
  - ssh(1): ! fix regression for UsePrivilegedPort=yes when ! BindAddress is not specified. !
  - ssh(1), ! sshd(8): ! fix memory leak in ECDSA signature verification. !
  - ssh(1): ! fix matching of 'Host' directives in ! ssh_config(5) ! files to be case-insensitive again. (regression in 6.5) !
  !
!
! !
Ports and packages: !
- Over 8,700 ports. !
- Major overhaul of the package tools, resulting in much better memory usage. !
- pkg_add(1) now only trusts signed packages by default. !
- The build process now allows some limited capability for building ! conflicting packages, yielding KDE 4 packages as a result, along ! with KDE 3 ones. !
!
!

Many pre-built packages for each architecture: ! ! !

i386: 8468 !
sparc64: 7969 !
alpha: 6199 !
m68k: 3270 !

sh: 345 !
amd64: 8534 !
powerpc: 8057 !
m88k: 1258 !

sparc: 4681 !
arm: 6181 !
hppa: 6549 !

vax: 1007 !
mips64: 4726 !
mips64el: 6730 !

! !

Some highlights: !
- GNOME 3.10.2
- KDE 3.5.10 !
- KDE 4.11.5 !
- Xfce 4.10
- MySQL 5.1.73 !
- PostgreSQL 9.3.2
- Postfix 2.11.0 !
- OpenLDAP 2.3.43 and 2.4.38
- Mozilla Firefox 24.3 and 26.0 !
- Mozilla Thunderbird 24.3.0
- GHC 7.6.3 !
- LibreOffice 4.1.4.2
- Emacs 21.4 and 24.3 !
- Vim 7.4.135
- PHP 5.3.28 and 5.4.24 !
- Python 2.7.6 and 3.3.2
- Ruby 1.8.7.374, 1.9.3.484, 2.0.0.353 and 2.1.0 !
- Tcl/Tk 8.5.15 and 8.6.1
- JDK 1.6.0.32 and 1.7.0.21 !
- Mono 2.10.9
- Chromium 32.0.1700.102 !
- Groff 1.22.2
- Go 1.2 !
- GCC 4.6.4 and 4.8.2
- LLVM/Clang 3.3 !
- Node.js 0.10.24 !
!
! !
As usual, steady improvements in manual pages and other documentation. !
! !
The system includes the following major components from outside suppliers: !
- Xenocara (based on X.Org 7.7 with xserver 1.14.5 + patches, ! freetype 2.5.2, fontconfig 2.10.91, Mesa 9.2.5, xterm 301, ! xkeyboard-config 2.10.1 and more) !
- Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches) !
- Perl 5.16.3 (+ patches) !
- Our improved and secured version of Apache 1.3, with ! SSL/TLS and DSO support !
- Nginx 1.4.4 (+ patches) !
- OpenSSL 1.0.1c (+ patches) !
- SQLite 3.8.0.2 (+ patches) !
- Sendmail 8.14.8, with libmilter !
- Bind 9.4.2-P2 (+ patches) !
- NSD 4.0.1 !
- Lynx 2.8.7rel.2 with HTTPS and IPv6 support (+ patches) !
- Sudo 1.7.2p8 !
- Ncurses 5.7 !
- Heimdal 1.5.2 (+ patches) !
- Binutils 2.15 (+ patches) !
- Gdb 6.3 (+ patches) !
- Less 444 (+ patches) !
- Awk Aug 10, 2011 version !
! !

! ! !

How to install

! Following this are the instructions which you would have on a piece of ! paper if you had purchased a CDROM set instead of doing an alternate ! form of install. The instructions for doing an FTP (or other style ! of) install are very similar; the CDROM instructions are left intact ! so that you can see how much easier it would have been if you had ! purchased a CDROM instead. !

! !

! Please refer to the following files on the three CDROMs or FTP mirror for ! extensive details on how to install OpenBSD 5.5 on your machine: !

! !

! Quick installer information for people familiar with OpenBSD, and the ! use of the "disklabel -E" command. If you are at all confused when ! installing OpenBSD, read the relevant INSTALL.* file as listed above! !

! !

OpenBSD/i386:

CD1:5.5/i386/floppy55.fs

! Use CD1:5.5/i386/floppyB55.fs instead for greater SCSI controller ! support, or CD1:5.5/i386/floppyC55.fs for better laptop support. ! !

! If you can't boot from a CD or a floppy disk, ! you can install across the network using PXE as described in ! the included INSTALL.i386 document. ! !

! If you are planning on dual booting OpenBSD with another OS, you will need to ! read INSTALL.i386. ! !

! To make a boot floppy under MS-DOS, use the "rawrite" utility located ! at CD1:5.5/tools/rawrite.exe. To make the boot floppy under a Unix OS, ! use the ! dd(1) ! utility. The following is an example usage of ! dd(1), ! where the device could be "floppy", "rfd0c", or ! "rfd0a". ! !

! # dd if=<file> of=/dev/<device> bs=32k
!

! Make sure you use properly formatted perfect floppies with NO BAD BLOCKS or ! your install will most likely fail. For more information on creating a boot ! floppy and installing OpenBSD/i386 please refer to ! FAQ 4.3.2. !

! !

OpenBSD/amd64:

CD2:5.5/amd64/floppy55.fs

! If you can't boot from a CD or a floppy disk, ! you can install across the network using PXE as described in the included ! INSTALL.amd64 document. ! !

! If you are planning to dual boot OpenBSD with another OS, you will need to ! read INSTALL.amd64. !

! !

OpenBSD/macppc:

OpenBSD/macppc boot

! Alternatively, at the Open Firmware prompt, enter boot cd:,ofwboot ! /5.5/macppc/bsd.rd !

! !

OpenBSD/sparc64:

boot cdrom

! If this doesn't work, or if you don't have a CDROM drive, you can write ! CD3:5.5/sparc64/floppy55.fs or CD3:5.5/sparc64/floppyB55.fs ! (depending on your machine) to a floppy and boot it with boot ! floppy. Refer to INSTALL.sparc64 for details. ! !

! Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install ! will most likely fail. ! !

! You can also write CD3:5.5/sparc64/miniroot55.fs to the swap partition on ! the disk and boot with boot disk:b. ! !

! If nothing works, you can boot over the network as described in INSTALL.sparc64. !

! !

OpenBSD/alpha:

Write FTP:5.5/alpha/floppy55.fs or ! FTP:5.5/alpha/floppyB55.fs (depending on your machine) to a diskette and ! enter boot dva0. Refer to INSTALL.alpha for more details. ! !

! Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install ! will most likely fail. ! !

! !

OpenBSD/armish:

! After connecting a serial port, Thecus can boot directly from the network ! either tftp or http. Configure the network using fconfig, reset, ! then load bsd.rd, see INSTALL.armish for specific details. ! IOData HDL-G can only boot from an EXT-2 partition. Boot into linux ! and copy 'boot' and bsd.rd into the first partition on wd0 (hda1) ! then load and run bsd.rd, preserving the wd0i (hda1) ext2fs partition. ! More details are available in INSTALL.armish. !

! !

OpenBSD/hp300:

! Boot over the network by following the instructions in INSTALL.hp300. !

! !

OpenBSD/hppa:

! Boot over the network by following the instructions in INSTALL.hppa or the ! hppa platform page. !

! !

OpenBSD/landisk:

! Write miniroot55.fs to the start of the CF ! or disk, and boot normally. !

! !

OpenBSD/loongson:

! Write miniroot55.fs to a USB stick and boot bsd.rd from it ! or boot bsd.rd via tftp. ! Refer to the instructions in INSTALL.loongson for more details. !

! !

OpenBSD/luna88k:

! Copy `boot' and `bsd.rd' to a Mach or UniOS partition, and boot the bootloader ! from the PROM, and the bsd.rd from the bootloader. ! Refer to the instructions in INSTALL.luna88k for more details. !

! !

OpenBSD/mvme68k:

! You can create a bootable installation tape or boot over the network.
! The network boot requires a MVME68K BUG version that supports the NIOT ! and NBO debugger commands. Follow the instructions in INSTALL.mvme68k ! for more details. !

! !

OpenBSD/mvme88k:

! You can create a bootable installation tape or boot over the network.
! The network boot requires a MVME88K BUG version that supports the NIOT ! and NBO debugger commands. Follow the instructions in INSTALL.mvme88k ! for more details. !

! !

OpenBSD/octeon:

! After connecting a serial port, boot bsd.rd over the network via DHCP/tftp. ! Refer to the instructions in INSTALL.octeon for more details. !

! !

OpenBSD/sgi:

! To install, burn cd55.iso on a CD-R, put it in the CD drive of your ! machine and select Install System Software from the System Maintenance ! menu. Indigo/Indy/Indigo2 (R4000) systems will not boot automatically from ! CD-ROM, and need a proper invocation from the PROM prompt. ! Refer to the instructions in INSTALL.sgi for more details. ! !

! If your machine doesn't have a CD drive, you can setup a DHCP/tftp network ! server, and boot using "bootp()/bsd.rd.IP##" using the kernel matching your ! system type. Refer to the instructions in INSTALL.sgi for more details. !

! !

OpenBSD/socppc:

! After connecting a serial port, boot over the network via DHCP/tftp. ! Refer to the instructions in INSTALL.socppc for more details. !

! !

OpenBSD/sparc:

! ok boot cdrom 5.5/sparc/bsd.rd
! or
! > b sd(0,6,0)5.5/sparc/bsd.rd
!

! If your SPARC system does not have a CD drive, you can alternatively boot from floppy. ! To do so you need to write floppy55.fs to a floppy. ! For more information see FAQ 4.3.2. ! To boot from the floppy use one of the two commands listed below, ! depending on the version of your ROM. ! !

! ok boot floppy
! or
! > b fd()
!

! Make sure you use a properly formatted floppy with NO BAD BLOCKS or your install ! will most likely fail. ! !

! If your SPARC system doesn't have a floppy drive nor a CD drive, you can either ! setup a bootable tape, or install via network, as told in the ! INSTALL.sparc file. !

! !

OpenBSD/vax:

! Boot over the network via mopbooting as described in INSTALL.vax. ! ! !

OpenBSD/zaurus:

! Using the Linux built-in graphical ipkg installer, install the ! openbsd55_arm.ipk package. Reboot, then run it. Read INSTALL.zaurus ! for a few important details. !

! !

Notes about the source code:

! # mkdir -p /usr/src
! # cd /usr/src
! # tar xvfz /tmp/src.tar.gz
!

! sys.tar.gz contains a source archive starting at /usr/src/sys. ! This file contains all the kernel sources you need to rebuild kernels. ! To extract: !

! # mkdir -p /usr/src/sys
! # cd /usr/src
! # tar xvfz /tmp/sys.tar.gz
!

! Both of these trees are a regular CVS checkout. Using these trees it ! is possible to get a head-start on using the anoncvs servers as ! described here. ! Using these files ! results in a much faster initial CVS update than you could expect from ! a fresh checkout of the full OpenBSD source tree. !

! ! !

How to upgrade

! If you already have an OpenBSD 5.4 system, and do not want to reinstall, ! upgrade instructions and advice can be found in the ! Upgrade Guide. ! ! !

Ports Tree

! A ports tree archive is also provided. To extract: !

! # cd /usr
! # tar xvfz /tmp/ports.tar.gz
!

! The ports/ subdirectory is a checkout of the OpenBSD ports tree. Go ! read the ports page ! if you know nothing about ports ! at this point. This text is not a manual of how to use ports. ! Rather, it is a set of notes meant to kickstart the user on the ! OpenBSD ports system. !

! The ports/ directory represents a CVS (see the manpage for ! ! cvs(1) if ! you aren't familiar with CVS) checkout of our ports. As with our complete ! source tree, our ports tree is available via ! AnonCVS. ! So, in order to keep current with it, you must make the ports/ tree ! available on a read-write medium and update the tree with a command ! like: !

! # cd /usr/ports
! # cvs -d anoncvs@server.openbsd.org:/cvs update -Pd -rOPENBSD_5_5
!

! [Of course, you must replace the server name here with a nearby anoncvs ! server.] !

! Note that most ports are available as packages through FTP. Updated ! packages for the 5.5 release will be made available if problems arise. !

! If you're interested in seeing a port added, would like to help out, or just ! would like to know more, the mailing list ! ports@openbsd.org is a good place to know. !

! ! --- 1 ---- ! RWRGy8gxk9N9314J0gh9U02lA7s8i6ITajJiNgxQOndvXvM5ZPX+nQ9h